Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2001-1476

SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.

Published

2001-01-18T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ssh	ssh	1.2.24	Yes
Application	ssh	ssh	1.2.25	Yes
Application	ssh	ssh	1.2.26	Yes
Application	ssh	ssh	1.2.27	Yes
Application	ssh	ssh	1.2.28	Yes
Application	ssh	ssh	1.2.29	Yes
Application	ssh	ssh	1.2.30	Yes
Application	ssh	ssh	1.2.31	Yes

References

http://www.kb.cert.org/vuls/id/565052 Exploit, Patch, US Government Resource ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/6490 ([email protected])
http://www.kb.cert.org/vuls/id/565052 Exploit, Patch, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6490 (af854a3a-2127-422b-91ae-364da2661108)